The biggest failure in information security is actually a failure in information technology implementation.
For many, many decades the operating systems and applications that have been made for computers have come with built-in security features. The very idea of a username and password to log into a computer pre-dates home computers by at least a decade, with Multics back in 1964. And it wasn’t the first.
But what has happened over this time is the old “arms race” where the bad guy finds a way around the restrictions put in place, so newer and more elaborate restrictions are put-up. More elaborate and complex security systems require more time to set-up, more knowledge to implement and a generally higher degree of intelligence.